Oracle Labs Australia

Overview

Oracle Labs, Australia was established in 2010 and is located in the Brisbane Central Business District, in close proximity to local universities.
Best known for its work on static code analysis that led to the Oracle Parfait bug checker, the focus of the lab is on Program Analysis as it applies to finding bugs in software, detecting security vulnerabilities, testing, and enhancing developer productivity. Our projects aim at advancing static and dynamic analysis and visualisation techniques to scale out to millions of lines of source code, while at the same time producing highly precise results.

PERMANENT

A Senior Member of Technical Staff development position is available in the Program Analysis group within Oracle Labs, Australia, to work in the Memory Safe C project in the first instance, with contributions towards other Labs projects afterwards. The successful candidate will have 5 years of professional experience in industry, conceptual or practical understanding of operating systems and architecture, and experience with static compilation and optimisation techniques, or with dynamic code optimisation and generation. The position involves dynamic analysis of program execution for memory safety of production codebases, along with static code analysis techniques. The position includes development of the prototype, testing with multi-threaded codebases of interest to the company, benchmarking and experimentation with new ideas.

Oracle Labs is the research arm for Oracle, focusing on applied research that produces new technologies of interest to the company. Oracle Labs, Australia, based in Brisbane, focuses on Program Analysis as it applies to a variety of domains, including bug-checking, security analysis, enhancing productivity, testing and more. The team is best known for its research on static code analysis that led to scalable and precise algorithms embedded in the Parfait bug-checking tool. For more information please refer here.

Oracle Labs Australia is based in Brisbane and interfaces with a variety of product organisations in the US and Europe. Through these interactions we determine problems that such organisations face, which can potentially be simplified by means of software tools. We design new analysis techniques that aid in the development of such tools, and interface with the product organisations to evaluate the results of the analysis and the tool; iterating over this approach. You also get the opportunity to be involved in technology transfer -- how to convert research ideas into technologies that are embedded in products.

INTERNSHIPS

Explorations for a New Information Visualisation, 6 months, PhD or Masters student - The successful candidate will assist in determining the direction of a possible new information visualisation project. The project will likely focus on a specific field, such as software visualisation, but aims to develop innovations applicable more generally. The position will involve trying out a variety of relevant academic, commercial, and internal visualisation tools and techniques to gauge the current state of the art, and subsequently performing initial experiments in one or two promising research areas. This work will contribute to the core goals and ideas for the new project ahead of its proposal.

Evaluation of Experimental Datalog Compiler for Static Program Analysis, 6 months, PhD, Masters or advanced under graduate student - The aim of this project is to evaluate the Datalog compiler in terms of both performance and ease of specification, by implementing a series of program analyses in Datalog specifications and integrating them into Parfait. The project is also expected to involve proposing and implementing changes to the Datalog compiler and/or infrastructure in order to improve the usability of the tool.

Adaptable Context-Sensitive Points-To Analysis for Large-Scale Java Codes, 6 months, PhD, Masters or advanced under graduate student - This project will explore the design space for scalable and precise analysis. In particular, we will study the aspect of adaptive context-sensitive in conjunction with compositional points-to analysis. Adaptive context-sensitivity is a technique to perform procedure cloning only at call-sites which improve the precision of the points-to analysis rather than applying the same context-sensitivity to all call-sites. A compositional points-to analysis permits to compose points-to analysis of packages in a bottom-up fashion.

INTERNSHIP FILLED - Partial Parsing for Security Analysis of Web Applications, 6 months, PhD or Masters student - The successful candidate will work on the analysis of web-based applications, for the purposes of finding security vulnerabilities related to tainted data. Web-based applications are often written using a combination of different languages, including Java, JSP, JSF and XML. In the context of this project, the candidate will implement partial parsers for these languages, focusing on parts of these languages that are relevant to security.

INTERNSHIP FILLED - Generating Traces from Flow-Insensitive Static Program Analysis, 6 months, PhD, Masters or advanced under graduate student - This project will explore the theory of converting flow-insensitive analysis information to flow-sensitive analysis information as a postmortem step of the flow-insensitive analysis. The postmortem step will overlay the data-flow information with the control-flow structure using the notions of language intersection of formal languages.

INTERNSHIP WITHDRAWN - String Manipulation Support for JDK Analysis, 6 months, PhD, Masters or advanced under graduate student - Oracle Labs Australia is currently engaged in the research and development of analysis tools to detect security vulnerabilities in the Java Development Kit (JDK). As JDK often uses strings to identify classes and methods, the symbolic reasoning of strings is thus essential.
The aim of the project is to design and implement a symbolic string reasoning unit for analysis tools, specifically for strings that are used to identify Java software components.